Re: [Qemu-devel] [PATCH for 2.1] qemu_opts_append: Play nicely with QemuOptsList's head

[Eric Blake <eblake@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1525 bytes --]

On 06/25/2014 02:38 AM, Michal Privoznik wrote:
> When running a libvirt test suite I've noticed the qemu-img is
> crashing occasionally. Tracing the problem down led me to the
> following valgrind output:

Thanks for tracking this! It has been reported in other threads, but
yours is the first patch.

> The problem is apparently in the qemu_opts_append(). Well, if it
> gets called twice or more. On the first call, when @dst is NULL
> some initialization is done during which @dst->head list gets
> initialized. The list is initialized in a way, so that the list
> tail points at the list head. However, the next time
> qemu_opts_append() is called for new options to be added,
> g_realloc() may move @dst at new address making the old list tail

s/at new/to a new/

> point at invalid address. If that's the case we must update the
> list pointers.
> 
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>  util/qemu-option.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)

Reviewed-by: Eric Blake <eblake@redhat.com>


> +        need_head_update = true;
> +    } else {
> +        /* Moreover, even if dst is not NULL, the realloc may move it at a

s/at/to/

> +         * different address in which case we may get a stale tail pointer
> +         * in dst->head. */
> +        need_head_update = QTAILQ_EMPTY(&dst->head);
>      }
>  

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]